| Windows内核恶意代码分析与检测技术研究 |
| |
| 引用本文: | 左黎明.Windows内核恶意代码分析与检测技术研究[J].微机发展,2008(9):145-147. |
| |
| 作者姓名: | 左黎明 |
| |
| 作者单位: | 华东交通大学基础科学学院 |
| |
| 基金项目: | 江西省自然科学基金资助项目(0611009);江西省教育厅支持项目(赣教技2006123);华东交通大学校立科研基金资助项目(07JC03) |
| |
| 摘 要: | Windows内核恶意代码是指能够通过改变Windows执行流程或者改变内核审计和簿记系统所依赖的数据结构等手段以达到隐藏自身,实现恶意功能的程序或程序集,对操作系统安全造成很大的危害。对近年来基于NT内核的微软Windows操作系统下恶意代码主要的隐藏实现技术(包括对进程函数、注册表函数、SSDT等的HOOK行为)进行了深入分析研究,提出了一些具有实用价值的恶意代码检测技术方案。实践表明文中提出的恶意代码分析检测技术在实际中具有积极的指导意义。
|
| 关 键 词: | 内核 恶意代码 Native API HOOK |
Research of Analysis and Detection of Malicious Code in Windows Kernel |
| |
| ZUO Li-ming.Research of Analysis and Detection of Malicious Code in Windows Kernel[J].Microcomputer Development,2008(9):145-147. |
| |
| Authors: | ZUO Li-ming |
| |
| Affiliation: | ZUO Li-ming (School of Natural Science, East China Jiaotong Univ. , Nanchang 330013, China) |
| |
| Abstract: | Malicious code in Windows kernel is a program or set of programs that an intruder uses to hide her presence and allow malicious actions on a computer system by altering the execution flow of the operating system or manipulating the data set that the operating system relies upon for auditing and bookkeeping,it does great harm to the safe of Windows operating system.Carries on the thorough analysis of main concealing techniques of malicious code(include every hooking action on process functions,registry functions,SSDT and etc.) in the Windows operation system based on NT kernel,which has been popular in recent years.Then it proposes some schemes on how to detect the malicious code in Windows kernel,practice has showed that the schemes have very high practicality. |
| |
| Keywords: | kernel malicious code native API HOOK |
| 本文献已被 CNKI 维普 等数据库收录! |
